Risk Management and the Smaller Manufacturer – Part 3

Risk Management and the Coming ISO 9001:2015 Standard

This is the third of a three post series on risk management. Part 1 of this series provides an overview of risk management. [1] Part 2 of the series provides specific risk management suggestions for smaller manufacturers, especially the use of Failure Modes Effects Analysis (FMEA). [2] This post, part 3, focuses on the risk management aspects of the new ISO 9001:2015 Standard for Quality Management Systems.

The ISO 9001:2015 Standard

ISO, the International Organization for Standardization, organizes the creation of thousands of voluntary, consensus-based global standards for business, commerce and technology. The ISO 9001 Standard for Quality Management Systems is likely the most widely known of those standards. Over a million firms and organizations in 170 nations have been certified as compliant with the ISO 9001 Standard.

ISO policy requires that existing ISO standards be reviewed and revised periodically. The current version of the ISO 9001 Standard was issued in 2008, hence is referred to as ISO 9001:2008. A new version has been under development for several years. It is expected to be released as ISO 9001:2015 later this year. The million-odd firms and organizations now certified to ISO 9001:2008 will have three years following the release of ISO 9001:2015 to revise their quality management systems and have them recertified to the new version of the Standard. [3]

Opportunity – The Flip Side of Risk

There are several significant changes in the new ISO 9001:2015 version. Perhaps the most obvious is a broad emphasis on risk management. The current version, ISO 9001:2008, requires that compliant quality management systems include a documented process for Preventive Actions – pre-emptive actions to reduce the risk of future product non-conformities. The new version drops the requirement for a documented Preventive Actions process. Instead, the ISO committee tasked with developing the ISO 9001:2015 version holds that risk management has been implicit in earlier versions. [4] The new version makes risk assessment and risk management explicit throughout the standard.

The same ISO committee points out that opportunity is the flip side of risk. Analysis and assessment of risk may well suggest opportunities for improvements. Consider this:

Objectives > Operating processes > Results

The organization’s objectives are realized as results by means of the operating processes that the ISO 9001 Standard describes. “Improvement” should be thought of as improvement in results relative to those objectives. “Opportunity is not always directly related to risk, but it is always related to objectives. By considering a situation, it may be possible to identify opportunities to improve.”

Practically speaking, it appears to me that the Failure Mode Effects Analysis (FMEA) discussed in a previous essay can provide a ready structure for complying with much of the risk assessment, opportunities identification, follow-through and documentation activity required by ISO 9001:2015. [5]

Some Food for Thought

Should your firm embrace ISO 9001:2015? If you are currently certified to ISO 9001:2008, a moderate amount of rework will be required to bring your existing quality management system into compliance. You will have three years in which to implement the necessary changes. Prior to undertaking that work, you may wish to evaluate your experience to date with ISO 9001 and its role in the accomplishment of your firm’s objectives.

Discipline and Sustainability: ISO 9001 is intended to promote disciplined operations. Disciplined operations promote uniformity in outputs, including product uniformity and throughput rate consistency. Uniform outputs improve competitiveness by improving customer satisfaction and by reducing wastes, hence costs. Competitiveness – the ability to persist financially in a globalized economy – is a prerequisite for Sustainability by any rational definition of that term.

Thoughtful comments and experience reports are always appreciated.

…  Chuck Harrington

(Chuck@JeraSustainableDevelopment.com)

P.S: Contact me when your organization is serious about pursuing Sustainability … CH

This blog and associated website (www.JeraSustainableDevelopment.com) are intended as a resource for smaller manufacturers in the pursuit of Sustainability. While editorial focus is on smaller manufacturers, all interested readers are welcome. New blog posts are published weekly.

ISO 9001 Graphic from www.dreamstime.com


[1] See: http://jerasustainabledevelopment.com/2015/04/11/risk-management-and-the-smaller-manufacturer-part-1/

[2] See:  http://jerasustainabledevelopment.com/2015/04/18/risk-management-and-the-smaller-manufacturer-part-2/

[3] For more on ISO and the ISO 9001 Standard, see ISO’s website at www.iso.org. ISO also offers a publication entitled ISO 9001 for Smaller Businesses, available for sale at:  http://www.iso.org/iso/home/store/publication_item.htm?pid=PUB100313

[4] The ISO committee mentioned is Technical Committee 176, subcommittee 2. The references to risk management are from ISO/TC 176/SC2 Document N1222 (July 2014)

[5] Again, see: http://jerasustainabledevelopment.com/2015/04/18/risk-management-and-the-smaller-manufacturer-part-2/

 

Risk Management and the Smaller Manufacturer – Part 2

This is the second of a three post series on risk management. Part 1 of this series, posted last week, provides an overview of risk management.  This post, part 2 of the series, reprises and updates a post from 2012. This post provides specific risk management suggestions for smaller manufacturers, especially the use of Failure Modes Effects Analysis (FMEA). Part 3 will focus on the risk management aspects of the new ISO 9001-2015 Standard for Quality Management Systems.


Risk Management for Smaller Manufacturers

(From 13 September 2012)

The previous post to this blog offered some general ideas on risk management. This post addresses risk and the smaller manufacturer. To begin, two points need be clear:

>> Risk Management doesn’t necessarily mean the elimination of risk. Risk is a fact in business, and risk is often the flip side of opportunity. Consider the insurance industry. That industry exists due to risks. Insurance carriers assume risks from others (that is, they sell insurance coverage), and they invest the premiums they receive. Insurance carriers manage risks on both ends: on underwriting and on investment. You can be sure that risk-based industries like the insurance industry understand the risks they take.

>> Look at this graph of manufacturing employee job related injury / illness incidence rates over the past 17 years. The rate at which the incidence rate has improved blows me away. The point here isn’t about safety or OSHA Recordables. The point is that sustained efforts to reduce risk do work, sometimes dramatically.

Failure Mode Effects Analysis 

FMEA, Failure Mode Effects Analysis, provides a powerful tool for identifying, assessing and addressing risks. FMEA can be applied to products, processes and projects. In essence, FMEA provides a framework for looking at possible failure modes (meaning risks), determining the probable frequency of occurrence of each, then the likely severity, then the potential for detecting symptoms of each mode. From these considerations, a risk priority is calculated, so that risk management actions can be prioritized.

FMEA can also be applied to organizational-level matters, including strategic planning. In particular, FMEA can be used when setting Objectives. By applying FMEA, particularly in conjunction with Ishikawa (“fish-bone”) diagrams, possible impediments to achieving your objectives can be determined and prioritized for pre-emptive actions. A prior post to this blog outlines how this can be done [1].

Basic introductions to FMEA are available on the web from the American Society for Quality [2] and from Wikipedia [3]. Also, there are many books available, starting with an inexpensive 90 page “primer” [4]. If you prefer to use a qualified consultant, you might call your nearest Manufacturing Extension Partnership office for a local referral [5].

As you may have guessed, FMEA is, in my view, one of the best general purpose tools for managing risk in manufacturing organizations. And managing risks is a key component of navigating the future. The new ISO 9001-2015 Standard for Quality Management Systems [6]  will explicitly require evidence of “risk based thinking”. FMEA provides a valuable tool for compliance.

Thoughtful comments and experience reports are always appreciated.

 

…  Chuck Harrington (Chuck@JeraSustainableDevelopment.com)

P.S. — When it is time for your firm to seriously pursue Sustainability, contact me — C.H.

Note: This blog and associated website (www.JeraSustainableDevelopment.com) are intended as a resource for smaller manufacturers in the pursuit of Sustainability. While editorial focus is on smaller manufacturers, all interested readers are welcome. New blog posts are published weekly.

Images: Illness / injury incidences graph – Jera, using data from the Bureau of Labor Statistics, www.bls.gov. FMEA graphic – Dieter Vanduen, in the public domain, via Wikipedia


[1]  See Green and the Zoom Lens Mind, this blog, http://blog.jerasustainabledevelopment.com/2012/02/22/green-and-the-zoom-lens-mind/

[2]  http://asq.org/learn-about-quality/process-analysis-tools/overview/fmea.html

[3]  http://en.wikipedia.org/wiki/Failure_mode_and_effects_analysis

[4]  Mikulak, R. and R. McDermott and M. Beauregard, Basics of FMEA, Second Edition, Productivity Press, New York (2009)

[5] For the MEP, go to www.NIST.gov/MEP. There is a map of the U.S. Click on your state for local contact information.

[6] The ISO 9001 Standard for Quality Management Systems is expected to be significantly revised and re-issued in 2015.

 

 

Risk Management and the Smaller Manufacturer – Part 1

There is no business without risk. Recognizing, evaluating and managing risk is a familiar, if underemphasized, managerial function. A new version of the ISO 9001 Standard for Quality Management Systems will be released this year. The ISO 9001-2015 revision specifically requires “risk based thinking”.

This is the first of a series of posts on risk management. This post, part 1 of a three part series, reprises and updates a post from 2012, which provides an overview of risk management. Part 2 will provide some specific risk management suggestions for smaller manufacturers, while Part 3 will focus on the risk management aspects of the new ISO 9001 Standard.


Downside Up – Managing Risks

From: 6 September 2012

“A ship is safe in harbor, but that’s not what ships are for” [1]

For a business unit to be Sustainable, that is, to thrive in perpetuity [2], it is clearly necessary to manage the downside of business as well as the upside. In today’s globalized economy, where social impacts and environmental impacts must be managed along with increasingly complex economic issues, managing the downside goes far past insurance coverage. Managing risk does not mean eliminating risk, because opportunity is often the flip side of risk — like the ship experiences at sea.

Last year, Greg Hutchins [3]  made a presentation entitled Risk Management – The Future of Quality. He kindly provided a copy of the slides from his presentation, along with permission to quote. I take the pillars of his presentation to be:

> Businesses operate in an increasingly “VUCA” world, where Variation, Uncertainty, Complexity and Ambiguity too often prevail, and

> To cope with a “VUCA” world, risk management should follow the same course quality management has taken over the last quarter century. Four slides from Greg’s presentation illustrate the changes he recommends:

[Image: slides from the presentation (Q+E, VUCA)]

In essence, Greg borrows the structured, process focused, statistical approach that defines contemporary quality management and applies that approach to risk management. His presentation does a good job of introducing the concepts behind effective risk management. You might contact Greg through his website (www.qualityplusengineering.com) and request a copy of his slides.

The International Organization for Standardization (ISO) takes a similar approach in the ISO 31000 International Standard for Risk Management – Principles and Guidelines. Those familiar with the ISO 9001 standard for quality management systems will readily grasp its relationship to the new ISO 31000 standard. However, unlike ISO 9001, ISO 31000 provides guidelines, not requirements. So, there is no need to be certified to ISO 31000. Also unlike ISO 9001, ISO 31000 does not require another documented management system. Rather, ISO 31000 recommends that risk management be fully integrated with existing management processes and systems.

The guts of ISO 31000 are the Risk Management Framework and the Risk Management Process. The Framework “provides the foundations and arrangements that embed (risk management) throughout the organization and at all levels”. The Framework deploys the Risk Management Process. The Risk Management Process consists of a series of steps: Establishing the Context, Risk Identification, Risk Analysis, Risk Evaluation and Risk Treatment. The Process serves to determine the actions to be taken to address risks as they are encountered.

Establishing a policy for addressing risks is central to all of this. The policy expresses the organization’s level of risk tolerance in such a way that authorized decision makers at all levels have a common basis for making decisions on risk. Keep in mind that risk management decisions are exercises in assessing probabilities, conducted in a “VUCA” atmosphere. Beware of assessing probabilities intuitively. Daniel Kahneman [4] won a Nobel Prize for his work on decision making. He found that the intuitive part of human thought just doesn’t handle statistical matters very well. Do the numbers.

Part 2 of this post will make some specific risk management suggestions for smaller manufacturers. Part 3 will address the coming ISO 9001-2015 requirements for risk management.

Thoughtful comments and experience reports are always appreciated.

 

…  Chuck Harrington (Chuck@JeraSustainableDevelopment.com)

P.S: Contact me when your organization is serious about prospering in the globalized 21st century … CH

This blog and associated website (www.JeraSustainableDevelopment.com) are intended as a resource for smaller manufacturers in the pursuit of Sustainability. While editorial focus is on smaller manufacturers, all interested readers are welcome. New blog posts are published weekly.


[1] This quote is most often attributed to William G.T. Shedd (1820 – 1894). There is some controversy, however. Others attribute the quote to John A. Shedd, from a 1928 book, or to Admiral Grace Hopper.

[2] Werbach, Adam, Strategy for Sustainability, Harvard Business Press, Boston (2009), page 9

[3] Greg Hutchins, P.E., Quality Plus Engineering. Quality Plus Engineering is an Oregon-based firm focused on critical infrastructure protection. Learn more at: www.qualityplusengineering.com

[4] See Kahneman’s remarkably readable new book, Thinking, Fast and Slow, Farrar, Straus and Giroux, New York (2011), especially Chapter 31 on Risk Policy